Authenticating with JWT SSO
To provide a seamless experience to your members, it's best to authenticate them automatically into your product using the JWT SSO.
To do so, you should follow these steps:
- Follow the JWT SSO instructions to generate a JWT token.
- Generate an embed URL for your community, space, or post using the Embedding Bettermode instructions.
- Set the
redirect_uri
of the JWT SSO endpoint to the relative version of your embed URL.
Example
Let's say you want to seamlessly embed a space into your community. After generating the JWT token, you can follow the steps for embedding a space. The URL will look like this:
https://community.company.com/embed/space/product-updates-qo26s1ru?readonly=false&header=true&composer=true"
You can convert the above URL to a relative URL by removing your community domain/subdomain from the beginning of the URL:
/embed/space/whats-new?readonly=false&header=true&composer=true&about=true
The JWT SSO URL looks like this:
https://YOUR_COMMUNITY_DOMAIN/api/auth/sso?redirect_uri={{Redirect URI}}&jwt={{Generated SSO Token}}
After replacing the redirect_uri
value, the final URL will look like this:
https://YOUR_COMMUNITY_DOMAIN/api/auth/sso?redirect_uri=%2Fembed%2Fspace%2Fwhats-new%3Freadonly%3Dfalse%26header%3Dtrue%26composer%3Dtrue%26about%3Dtrue&jwt=sample_generated_jwt_value
Please note that you should apply encodeURIComponent
function (or similfor encode URI method) on the redirect_uri
value.
Node.js Example
Here is a sample Node.js Express app snippet for generating the IFrame url:
const jwt = require("jsonwebtoken");
const privateKey = "{Your Private Key}";
// `app` is an express app instance
app.get('/your/app/route', (req, res) => {
// Considering your user object is stored in `req.user`
const userData = {
sub: req.user.id
email: req.user.email
name: req.user.name,
iat: Math.round(new Date().getTime() / 1000),
exp: Math.round(new Date().getTime() / 1000) + 60,
};
// JWT token for authenticating the user
const jwtToken = jwt.sign(userData, privateKey, { algorithm: "HS256" });
// Generated by space embed generator and converted to a relative URL
const embedURL = '/embed/space/product-updates?readonly=false&header=true&composer=true'
const iframeSrc = `https://community.company.com/api/auth/sso?jwt=${jwtToken}&redirect_uri=${encodeURIComponent(embedURL)}`
// You can pass the `iframeSrc` to your rendering engine such as Pug instead
res.send(`<html><body><iframe src="${iframeSrc}" frameBorder="0" width="100%"></iframe></body></html>`)
})